Skip to main content

cURL Command Cheatsheet

cURL is a command-line network transfer tool, pre-installed on virtually every Linux and macOS system. This cheatsheet covers the most commonly used curl commands — from basic GET requests to advanced proxy configuration and debugging tips — each with practical examples. Whether you're debugging APIs or batch-downloading files, this guide has you covered.

Updated: 2026-07-16·40 commands

Quick Reference

TaskCommand
Send a GET requestcurl https://api.example.com
Send a POST requestcurl -X POST -d 'key=val' URL
Set a headercurl -H "Authorization: Bearer TOKEN" URL
Download a filecurl -O url or curl -o output url
Debug request processcurl -v URL
Send JSON datacurl -X POST -H 'Content-Type: application/json' -d '{"key":"val"}' URL
Upload a filecurl -F "file=@photo.jpg" URL
Use a proxycurl -x http://proxy:8080 URL

Request Methods

``bash # GET request (default) curl https://api.github.com/users/octocat

# POST request curl -X POST https://httpbin.org/post \ -d "username=alice&password=secret"

# POST with JSON curl -X POST https://httpbin.org/post \ -H "Content-Type: application/json" \ -d '{"name":"Alice","email":"alice@example.com"}'

# PUT request (update resource) curl -X PUT https://api.example.com/users/1 \ -H "Content-Type: application/json" \ -d '{"name":"Alice Updated"}'

# DELETE request curl -X DELETE https://api.example.com/users/1

# PATCH request (partial update) curl -X PATCH https://api.example.com/users/1 \ -H "Content-Type: application/json" \ -d '{"email":"new@example.com"}'

# HEAD request (response headers only) curl -I https://example.com

# OPTIONS request (see supported methods) curl -X OPTIONS https://api.example.com -i `

Headers

`bash # Set a custom header curl -H "Accept: application/json" https://api.example.com

# Multiple headers curl -H "Accept: application/json" \ -H "Authorization: Bearer token123" \ -H "X-Custom-Header: custom-value" \ https://api.example.com

# Set User-Agent curl -A "Mozilla/5.0 (Linux; Android 13) Chrome/120" \ https://example.com

# Set Referer curl -e "https://google.com" https://example.com

# Include response headers in output (-i) curl -i https://example.com

# View response headers only (-I sends HEAD request) curl -I https://example.com

# Custom Cookie header curl -H "Cookie: sessionId=abc123; theme=dark" \ https://example.com

# Range request (download partial content) curl -r 0-1023 https://example.com/file.zip `

Authentication

`bash # Basic Auth (username:password) curl -u "alice:password123" https://api.example.com/secure

# Basic Auth (prompt for password, more secure) curl -u "alice" https://api.example.com/secure

# Bearer Token (JWT / OAuth2) curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9..." \ https://api.example.com/protected

# Digest Authentication curl --digest -u "alice:password" \ https://api.example.com/digest-auth

# .netrc file authentication # In ~/.netrc add: # machine api.example.com login alice password secret curl -n https://api.example.com/secure

# Client Certificate (mTLS) curl --cert client.pem --key client-key.pem \ https://api.example.com/mtls

# OAuth2 Client Credentials flow curl -X POST https://auth.example.com/oauth/token \ -d "grant_type=client_credentials" \ -d "client_id=myapp" \ -d "client_secret=mysecret"

# API Key (query parameter) curl "https://api.example.com/data?api_key=sk-xxxxx" `

File Upload

`bash # Upload file via form (multipart/form-data) curl -F "file=@report.pdf" \ -F "title=Annual Report" \ https://api.example.com/upload

# Upload file with MIME type curl -F "image=@photo.jpg;type=image/jpeg" \ https://api.example.com/upload

# PUT upload (raw binary) curl -T report.pdf \ -H "Content-Type: application/pdf" \ https://api.example.com/documents/report.pdf

# Download file (preserve original name) curl -O https://example.com/file.zip

# Download file (specify output name) curl -o output.txt https://example.com/data.json

# Resume download curl -C - -O https://example.com/large-file.iso

# Rate limit download speed curl --limit-rate 1M -O https://example.com/big-file.zip

# FTP upload curl -T file.txt ftp://ftp.example.com/upload/ \ --user "alice:password"

# FTP download curl ftp://ftp.example.com/file.txt --user "alice:password"

# Large file download (follow redirects) curl -L -O https://example.com/latest-release.tar.gz `

Debug & Diagnostics

`bash # Verbose mode (view request and response headers) curl -v https://api.example.com

# Trace full request (including SSL handshake) curl --trace-ascii trace.log https://api.example.com

# Binary trace (most detailed debug mode) curl --trace trace.bin https://api.example.com

# Time statistics with -w curl -w "\nTime breakdown:\n\ DNS lookup: %{time_namelookup}s\n\ TCP connect: %{time_connect}s\n\ TLS handshake: %{time_appconnect}s\n\ TTFB: %{time_starttransfer}s\n\ Total time: %{time_total}s\n\ Downloaded: %{size_download} bytes\n\ HTTP status: %{http_code}\n" \ -o /dev/null -s https://api.example.com

# Connection timeout curl --connect-timeout 10 --max-time 30 \ https://example.com

# Silent mode (no progress bar or errors) curl -s https://api.example.com

# Silent but show errors curl -sS https://api.example.com

# Get HTTP status code only curl -s -o /dev/null -w "%{http_code}" \ https://api.example.com

# Follow redirects (max 5) curl -L --max-redirs 5 https://httpbin.org/redirect/3

# Skip SSL verification (dev/test only) curl -k https://self-signed.example.com

# Specify CA certificate file curl --cacert /path/to/ca-bundle.crt \ https://api.example.com

# Specify TLS version curl --tlsv1.2 https://secure.example.com

# Custom DNS resolution (bypass DNS) curl --resolve "example.com:443:127.0.0.1" \ https://example.com

# Health check (status code only) curl -s -o /dev/null -w "%{http_code}" \ https://api.example.com/health `

`bash # Send Cookie as header curl -H "Cookie: session=abc123; user=alice" \ https://example.com

# Save server Set-Cookie to file (cookie jar) curl -c cookies.txt https://example.com/login

# Load cookies from file and send curl -b cookies.txt https://example.com/dashboard

# Save and load cookies simultaneously (session persistence) curl -c cookies.txt -b cookies.txt \ https://example.com/login

# Login then use cookie for subsequent requests curl -c session.txt -X POST \ -d "username=alice&password=secret" \ https://api.example.com/auth/login

curl -b session.txt \ https://api.example.com/user/profile

# Ignore cookies (don't persist any) curl --no-cookie https://example.com

# Empty cookie (send empty Cookie header) curl -b "NONE" https://example.com `

Proxy Configuration

`bash # HTTP proxy curl -x http://proxy.example.com:8080 \ https://api.example.com

# HTTPS proxy curl -x https://proxy.example.com:443 \ https://api.example.com

# SOCKS5 proxy curl --socks5 127.0.0.1:1080 \ https://api.example.com

# SOCKS5 with DNS resolution through proxy curl --socks5-hostname 127.0.0.1:1080 \ https://api.example.com

# SOCKS4 proxy curl --socks4 127.0.0.1:1080 \ https://api.example.com

# Authenticated proxy curl -x http://proxy.example.com:8080 \ --proxy-user "user:password" \ https://api.example.com

# Bypass proxy (direct connection) curl --noproxy "localhost,127.0.0.1,*.local" \ https://api.example.com

# Use proxy from environment variables # export http_proxy=http://proxy:8080 # export https_proxy=http://proxy:8080 curl https://api.example.com

# Ignore environment proxy settings curl --noproxy "*" https://api.example.com ``

Request Methods(7)

CommandLevel
curl <url>
Send a GET request (default method)
Basic
curl -X POST
Send a POST request
Basic
curl -X PUT
Send a PUT request (update a resource)
Intermediate
curl -X DELETE
Send a DELETE request
Intermediate
curl -X PATCH
Send a PATCH request (partial update)
Intermediate
curl -I
Send a HEAD request (response headers only)
Basic
curl -X OPTIONS
Send an OPTIONS request (see supported methods)
Intermediate

Headers(4)

CommandLevel
curl -H
Set a custom request header
Basic
curl -A
Set the User-Agent header
Basic
curl -e
Set the Referer header
Intermediate
curl -i
Include response headers in output
Basic

Authentication(4)

CommandLevel
curl -u
HTTP Basic authentication
Basic
curl -H "Authorization: Bearer <token>"
Bearer Token authentication (JWT / OAuth2)
Intermediate
curl --digest
HTTP Digest authentication
Intermediate
curl -n
Use .netrc file for authentication
Intermediate

File Upload(8)

CommandLevel
curl -F
Multipart form file upload
Intermediate
curl -T
PUT file upload (raw binary content)
Intermediate
curl -O
Download file preserving the original filename
Basic
curl -o
Download file with a custom output filename
Basic
curl -C -
Resume a download
Intermediate
curl --limit-rate
Limit download/upload speed
Intermediate
curl -T ftp://
Upload file via FTP
Intermediate
curl -L -O
Follow redirects while downloading
Basic

Debug(8)

CommandLevel
curl -v
Verbose mode — show request and response headers
Basic
curl --trace-ascii
Trace request details (including SSL handshake)
Intermediate
curl -w
Custom output format (time statistics, etc.)
Intermediate
curl --connect-timeout --max-time
Set connection timeout and max request time
Intermediate
curl -s / -sS
Silent mode (hide progress bar)
Basic
curl -k
Skip SSL certificate verification (dev/test only)
Intermediate
curl -L --max-redirs
Follow redirects with a max redirect limit
Intermediate
curl --resolve
Custom DNS resolution (force IP address)
Expert

Proxy(5)

CommandLevel
curl -x <proxy>
Use an HTTP/HTTPS proxy
Intermediate
curl --socks5
Use a SOCKS5 proxy
Intermediate
curl --socks5-hostname
Use SOCKS5 proxy with DNS resolution through proxy
Intermediate
curl --proxy-user
Authenticated proxy connection
Intermediate
curl --noproxy
Bypass proxy for specific domains (direct connection)
Intermediate

FAQ

This cheatsheet is compiled from official tool documentation. Last updated: 2026-07-16.